A.I. Craft structural review

I am an idiot to have the user submitted code run inside my server process. It turns out no matter what I do to round up the user committed code, it will crash. I just can not hold that beast inside my server process anymore. Here is what I am planning to do:

A.I. runs completely in it’s own process(in a wild dream, it can be even run in user’s browser as a worker process!). Security and crashes would then be handle by the operating system nicely.
Physical part of the A.I., where it reacts to the movement/sight/firing commands, remains in the server process. If A.I. running in browser, then physical body for A.I. should be using some sort of RESTful Websocket API. This effectively solves my current problem.